June 29, 2016 at 8:30 am
I prefer using a username for logins rather than email because emails can be changed - company is bought out and they switch to new domain, you move to a new company, you change ISPs. For PASS, I found I have several "memberships" because they marked my signup as "new member" whenever I signed up for Summit using a different email address. If I simply had a membership number or a username, they'd instantly know that it's still me rather than creating yet another record for me.
June 29, 2016 at 9:11 am
below86 (6/29/2016)
I had my SSC account tied to my work email, and the password was saved by IE. So when I lost my job and couldn't remember the password but I did have my user name I thought I was going to have to start over here with a new account. I was able to get the kind people here to switch my account to be tied to my home email address, after giving them some info.I like having an email address and user name together, with a couple key questions that only you would know the answer to. This would have made my scenario easier to resolve on my own. Or have the option to tie your account to more than one email address, I think LinkedIn does have this option.
That's a good idea. I'll ask if we can think about this in the future.
June 29, 2016 at 11:23 am
Iwas Bornready (6/29/2016)
Jeff Moden (6/28/2016)
Meh... just have them use their SSN. :-):-D:-P;-):hehe::sick:I'm assuming you're joking.
Heh... what gave it away? The 5 different smiley faces or the barf-face? 😛
--Jeff Moden
Change is inevitable... Change for the better is not.
June 29, 2016 at 11:26 am
pabechevb (6/29/2016)
Iwas Bornready (6/29/2016)
Jeff Moden (6/28/2016)
Meh... just have them use their SSN. :-):-D:-P;-):hehe::sick:I'm assuming you're joking. Though they are supposed to be unique, working in the health industry we find duplicates all the time. It's more than just family members sharing the same SSN. We'll have unrelated people sharing the same SSN and have to vet out who is correct. It's a mess. That being said, how many people use the same email address? In medical offices quite a few. The providers like to share it. For our subscribers, family members share the same email address surprisingly more often that you would expect. There really is no single good answer that fits everyone. Just do what works best for you, first come first served.
In my case, our customer has told us that the SSN is a private information no one should see, as they're a medical provider. But we need people managing other users accounts, so we can't use it.
I assure you that I was kidding about the SSN thing. I treat SSN as one of the most sacred of all pieces of PII even if the Social Security Administration and the medical/financial/general community at large does not.
--Jeff Moden
Change is inevitable... Change for the better is not.
June 29, 2016 at 11:37 am
gosh yeah this stuff sitting right at the user-system boundary is dear to us all as it can severely impact daily ops on either side
managing ourselves on the user side:
========================
* when using multiple emails, set up forwarding back to a main inbox so you don't have to check a growing list of alternates but you still get the benefits
* yes sharing a "household" email seems good & natural... go ahead and forward those to (multiple) individual inboxes as above...
* i couldn't survive w/o a password database at this point... it needs to sync to all household desktops and mobiles and at least auto-pop desktop browser logins... KeePass is free and covers the basics with 3rd party phone apps as well as Mac... syncing through dropbox is indeed feasible on the cheap but i assume commercial alternatives (1Password, etc) are more integrated/dummy proof.
* um yeah, rule of thumb, don't use work email for anything you could possibly imagine wanting after you've relocated... at least a password database nicely mitigates having to remember all the places you've plugged in a particular email... but this is one of those easy to say lessons that doesn't really sink in until 6 months after you and everybody else that could help you has moved on 🙂
systems side:
=========
* we're relational modelers, so we of course know better than to design internal record identifiers directly dependent on any "visible" data... anything published will be readily changeable data hanging off the hidden internal key... are there any good roadblocks that prevent designing for changing even username as well as email, anything to do with name/surname changes, yes even fixing SSN's, etc... e.g. authentication services like Active Directory readily provide a unique user "SID" GUID, tie downstream systems to that vs any visible loginId.
* yes implement with multiple SELF SERVICE recovery options... motivations: accepting that automated recovery security is implementation that should be taken with due care i.e. mildly risky & spendy vs just tossing a few bodies at the problem and calling it a day ... but don't humans tend to overwhelmed / bored weak spots... the economics aren't there, lower wages won't care (sorry but it's true), higher wages should be doing something more productive... systems bit-rot too though.
* besides the classic security question route, gmail for example encourages providing a back up email for recovery... i feel like there's at least one other major approach i'm forgetting
* cloud vendors are providing very convenient multi-factor auth services to implement on at this point - MSFT Azure's MFA is very nice with the immediate popup on the phone
* related to "householding" idea above, companies should always only publish generic inbound addresses (departmental, etc) vs individual emails that come and go... even these corporate addresses could change or tombstone... consider keeping all alive indefinitely and forward to new vs fully abandoning
* further, enterprise ticket workflow solutions commonly present a shared queue of these inbound emails to all assigned team members instead of leaning on email beyond being one vector of initial ticket creation... outbound responses then carry unique ticket# in the subject for back end to marry up threaded correspondence... yes, we're forced to compromise an internal ticket key by making it visible here, but there's less expectation for permanence on a ticket# vs say a userid.
June 29, 2016 at 12:31 pm
Jeff Moden (6/28/2016)
Meh... just have them use their SSN. :-):-D:-P;-):hehe::sick:
When Wells Fargo first started doing online banking their default user name was in fact SSN, for years, originally I don't even think there was a way to change it....
June 29, 2016 at 12:35 pm
Personally, I prefer using an account name as email addresses are much more subject to change. I've had issues where I could not change my email account (not on SSC but on other accounts). To change the email address required closing the account and creating a new one. If multiple email addresses were supported (tied to an internal account) allowing me to change the primary email address then that would be suitable.
LinkedIn: https://www.linkedin.com/in/sqlrv
Website: https://www.sqlrv.com
June 29, 2016 at 2:31 pm
* we're relational modelers, so we of course know better than to design internal record identifiers directly dependent on any "visible" data... anything published will be readily changeable data hanging off the hidden internal key... are there any good roadblocks that prevent designing for changing even username as well as email, anything to do with name/surname changes, yes even fixing SSN's, etc... e.g. authentication services like Active Directory readily provide a unique user "SID" GUID, tie downstream systems to that vs any visible loginId.
I'm not so sure this is some sort of "settled" or undisputed aspect of relational theory, I've read any number of advocacy posts for natural keys and these often degenerate into useless and repetitive arguments for and against, so I'm not so convinced we all "know better".
June 29, 2016 at 2:58 pm
Jeff Moden (6/29/2016)
I treat SSN as one of the most sacred of all pieces of PII even if the Social Security Administration and the medical/financial/general community at large does not.
Yeah, the government is the biggest abuser of the use of SSN from the IRS, military, and even the SSA themselves!
LinkedIn: https://www.linkedin.com/in/sqlrv
Website: https://www.sqlrv.com
June 29, 2016 at 3:09 pm
Using a 3rd party to manage user identities make sense for many reasons, and the most compelling reason is that you own your identity and it can be reused seamlessly across websites. Unfortunately all the major players in the identity management field are also personal information aggregators who are in the business of reselling the detail of your everyday life to the highest bidder.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
June 30, 2016 at 2:09 am
Aaron N. Cutshall (6/29/2016)
Personally, I prefer using an account name as email addresses are much more subject to change.
I can understand that view, but the issue I've had is where the account name I've used in two or three places turns out to be in use by someone else when I try using it elsewhere, so I end up with multiple account names. This can be exacerbated with some sites determining their users' account names, so you end up with a plethora of them.
Aaron N. Cutshall (6/29/2016)
If multiple email addresses were supported (tied to an internal account) allowing me to change the primary email address then that would be suitable.
Yup, agreed.
Forum Etiquette: How to post data/code on a forum to get the best helpMake sure that you include code in the appropriate IFCode tags, e.g. <your code here>
. You can find the IFCode tags under the INSERT options when you are writing a post.
June 30, 2016 at 2:40 am
The problem with using your email address is that you communicate it to a huge number of people.
Sometimes it is possible to guess someones user name because it is based on their actual name or a well known nickname.
I would prefer an easy to remember user name that is not my name, nickname, football team etc.
Strong passwords are a pain to remember they more or less dictate the use of a password safe of some kind but which one would you trust?
I like AWS's use of multi-factor authentication. It worked well with the Google Authenticator app on my mobile.
I don't like security questions. What's you mother's maiden name? Too easy to research. What's your favourite colour (In Liverpool and Manchester the answer is red....except when its blue)
June 30, 2016 at 2:47 am
I like it when you can login using either your email address OR your username. Preferrably via the same textbox.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
July 6, 2016 at 1:59 pm
ZZartin (6/29/2016)
Jeff Moden (6/28/2016)
Meh... just have them use their SSN. :-):-D:-P;-):hehe::sick:When Wells Fargo first started doing online banking their default user name was in fact SSN, for years, originally I don't even think there was a way to change it....
I, for one, am glad this has changed.
July 21, 2016 at 2:57 pm
I know I'm a bit late to this party but I figured what the heck.
I have separate email addresses for the need. If it is a site I use for my current place of employment I use that email address and leave the site once changing jobs. If it is a site for my professional development I use the email address I have tied to my Linkin account. If it is a hobby site or gaming (I'm a PC gamer) and will only be used for personal enjoyment/hobby purposes I use the email address tied to my steam account.
I also have a "junk" email address that is used for those sites that insist on having one to access specific information even though I don't think they need one.
It does make for many accounts but it is still far easier than trying to wade through multiple usernames or clearing out junk from fewer email accounts.
Viewing 15 posts - 16 through 30 (of 30 total)
You must be logged in to reply to this topic. Login to reply